On 18 jul 2010, at 10.27, John C Klensin wrote:
Those problems are most evident with
aliases like CNAME and DNAME but, from the cross-tree pointer
perspective, MX, NAPTR, and your new proposal may be just
aliases on steroids.
My suggestion in this draft (as explained in the Security Considerations
Section of draft-faltstrom-uri) is to have the URI RR secured by DNSSEC, and
then SSL cert match the hostname in the URI that you find in the RDATA.
Description: This is a digitally signed message part
Ietf mailing list